Users login

Create an account »


Users login

Home » Hacking News » Cisco IOS Cisco Express Forwarding Session Information Leakage Vulnerability

Cisco IOS Cisco Express Forwarding Session Information Leakage Vulnerability

by Nikola Strahija on March 2nd, 2002 IOS is the Internet Operating System, used on Cisco routers. It is distributed and maintained by Cisco.

Under some circumstances, Cisco IOS may leak information from previously routed packets that are still in memory. When a packet sent to a router has a MAC layer packet length shorter than that specified in the IP layer length, the packet is padded by the router before being routed. The data used to pad the packet is taken from other packets previously routed that are still in the router's memory. It should be noted that this problem occurs only when Cisco Express Forwarding is enabled.

Remote: Yes

Exploit: No exploit

Solution: Fixes available:

Cisco IOS 11.1CC:

Cisco Upgrade IOS 11.1(36)CC3

Cisco IOS 12.0T:
Cisco IOS 12.0ST:

Cisco Upgrade IOS 12.0(19)ST

Cisco IOS 12.0S:

Cisco Upgrade IOS 12.0(19)S

Cisco IOS 12.0:

Cisco Upgrade IOS 12.0(20.4)

Cisco IOS 12.1T:
Cisco IOS 12.1E:

Cisco Upgrade IOS 12.1(8a)E

Cisco IOS 12.1:

Cisco Upgrade IOS 12.1(10)

Cisco IOS 12.2T:

Cisco Upgrade IOS 12.2(4)T

Cisco IOS 12.2:

Cisco Upgrade IOS 12.2(3)

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »